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Amondments to tha Claims: 

This listing of daims will replace all prior versiorre. and listings, of claims in 
the application: 

LtsBna of Claims: 

r^. (Cancelled). 

7. (New) A method implemented in a computer system, comprising: 
generating a public key/private key pair; 

encrypting data using the public key; 

generating a protection key; 

encrypting the public key using the protection key; 

storing the encrypted data and the encrypted public key In a first 

database record; 
encrypting the protection key; and 

storing the encrypted pn^tection key in a second database record, 

8. (New) The method of claim 7. further comprising: 

generating a symmetric key based on a unique user iderrtifier; and 
encrypting the private key using the symmetric key. 

g. (New) The method of claim 8 wherein generating a symmetric key 
based on a unique user identifier comprises generating a synvnetric key 
bas^ on a user's user identification (ID), password, and nonce, 

10, (New) The method of daim 8, further comprising decrypting the 
encrypted private key using ihe symmetric key. 

1 1 , (New) The method of claim 7. further comprising: 
generating an integrity key; 

aecrypting tne encrypted public Key using the integrity key; and 
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storing the integrity key in a third database record in encrypted 
fomn. 

12. (New) The method of claim 7, further comprising: 
receiving a request from a requestor for access to the data; 
authorizing the request based on a list of authorized requestors; 
sending the requested data to the requestor If the requestor is authorized; 

and 

refusing the request for data if the requestor is not authorized, 

13. (New) A system, comprising: 
a computer; 

a database comprising encrypted data, the database accessible to the 
computer; 

a key management process executing on the computer; 

an encrypted public l^ey stored in the database, the public Key used to 

encrypt the data; and 
an errcrypted private key stored in the database, the private key used to 

dec^pt the data; 

wherein the key management process executing on the computer uses a 

first master key to encrypt the public key; and 
wherein the key management process executing on the computer uses a 

unique user kientifier to generate a symmetric key, the symmetric 

key used to encrypt the private key. 

14- (New) The system of claim 13, further comprising: 

an application process executing on the computer, the applicatwn 
process interacting with the key management process to 
access the data; 
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wherein the application process provides the unique user identifier used to 
generate the symmetric key, the symmetric key further used to 
decrypt the private key. 

15. (New) The system of claim 14, further comprising: 

a list of processes authorized to access the database; 

wherein the data from the database is provided to the application process 
by the key management process if the list of processes authorized 
to access the database comprises the application process. 

16. (New) The system of claim 13, wherein the key management process 
uses the first master key to decrypt the public key. 

17. (New) The system of claim 13, wherein the first master key is stored in 
encrypted form in the database. 

18. (New) The system of claim 13, wherein the key management process 
uses a second master key to decrypt the public key, 

19. (New) The system of claim 18, wherein the second master key is stored in 
encrypted form In the database. 

20. (New) The system of claim 13, further comprising: 
a physical memory storing a decrypted master key; 

wherein the decrypted master key is not swapped or paged out of 
the physical memory. 

21. (New) A storage medium containing software that can be executed on a 
processor and that causes the processor to: 

generate a public key used to encrypt data; 
generate a private key used to decrypt the data; 
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generate a protection key used to encrypt the public key; 

store the data, the public key, the private key, and the protection 

key in encrypted form in a database; and 
generate a symmetric key used to encrypt and decrypt the private 

key, the symmetric key generation based on one or more 

unique user- ID/password pairs. 

22. (New) The storage medium of claim 21, the software further causing the 
processor to decrypt the public key using the protection key. 

23. (New) The storage nr\edium of claim 21, the software further causing the 
processor to: 

generate an integrity key used to decrypt the public key; and 
store the integrity key in encrypted form in the database. 

24. (New) The storage medium of cfaim 21, the software further causing the 
processor to: 

accept a request for access to the data by a requestor; 

grant the request for access to the data if a list of authorized requestors 

comprises the requestor; and 
refuse the request for access to the data If the list of authorized requestors 

does not comprise the requestor. 
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